string sanitization even for their own new actions

string sanitization even for their own new actions

Fix for FS#2522 / Now all places of $lang['restored'] are covered with the restored-date information

This also fixes a problem wiht PHP 5.4 when there is metadata but the
date key is empty.

This allows easier identifying of which version has been restored. (FS#2522)

This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).

This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.

As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.

The action handler for the sitemap now makes use of the sitemapper
methods for determining the filename and uses http conditional requests.

This makes it possible to autoload the sitemapper when needed.

50e988b1 accidentally stopped act_dispatch from calling act_edit for locked
pages, thus showing a generic »page not writable« message instead of a
page lock message.

The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.

Edit conflicts occur when a page has been edited since starting the current edit.
In order to detect them, the date of the newest revision is saved.

Classes are loaded throug PHP5's class autoloader, all other
includes are just loaded by default. This skips a lot of
require_once calls.

Parser and Plugin stuff isn't handled by the class loader yet.